Google Search, Data Breach Survey, Mobile Security Lead Week's Security News
Data breaches, mobile security and malicious links in Google search seemed to be on everyone's mind this week.
Hours after the devastating earthquake in Japan, cyber-criminals had already poisoned the search results for "most recent earthquake in Japan." The malicious links directed users to a fake antivirus page. By midday, it appeared that pages referencing the SEO poisoning had bumped down the malicious links, but Trend Micro researchers predicted there will be further attempts to push the malicious links further up on search results pages.
The latest attempt to pollute Google's search results came less than a day after Google rolled out a new tool that will allow users to block certain results from appearing in search indexes. The option is the latest in a string of moves by the search giant to block unsavory or unwanted content to cut down on search spam.
Everyone was buzzing about the annual data breach survey from the Ponemon Institute that pegged the average cost of data breaches at $7.2 million in 2010. If that number wasn't startling enough, the researchers from the Ponemon Institute found that moving quickly on the data breach actually drove up costs. Apparently, companies should move slowly and take the time to thoroughly investigate the breach before notifying their users.
It was the week for data security surveys, indicating an increase in the number of malvertisements, or malicious advertisements, served up by third-party ad networks. In 2010, there were over 3 million impressions of the type of malware that affected users' experience on the London Stock Exchange.
The Internet is getting to be more dangerous, and the users are complaining. The FTC reported an increase in the number of online fraud complaints in 2010, noting that there were more people complaining about identity theft, buying things online and not getting what was advertised, or about malware, adware and spyware. In previous years, the FTC had noticed more disputes about not being able to cancel accounts with Internet service providers or other online services.
Mobile security was also a big concern, with companies thinking about securing user devices as well as company-issued mobile devices to ensure corporate networks and data remain safe. This was even more of a concern after Trend Micro researchers reported finding a mobile Zeus variant for BlackBerry phones last week.
Even with CIOs and technology professionals expressing concerns about future data breaches and outside attacks, a poll of RSA Conference attendees in February conducted by Ipswitch File Transfer found that a significant number of them hadn't actually implemented existing best practices to ensure proper data security.
It was an exciting week, too, for attendees at CanSecWest in Vancouver, British Columbia, who watched security researchers attempt to compromise the four major Web browsers and four major mobile platforms. All the ones that researchers attempted to breach-the Safari browser for the Mac OS X, Internet Explorer 8, Apple iPhone and RIM's BlackBerry-fell as a result of various vulnerabilities in WebKit and drive-by exploits. The others-Google Chrome, Mozilla Firefox, Windows Phone 7 and Google Android-survived by default because none of the attending researchers had found an exploit to take advantage of.
Perhaps the bug bounty programs that Google and Mozilla have in place are working out very well.